Remarks 

Applicant respectfully requests reconsideration and allowance of the 
subject application. Claims 1, 4-19, 21-27, 29-31, and 35-42 are pending in the 
application. 

Claim Rejections under 35 USC S101 

Claims 1, 4-19, 21-27, 29-31, and 35-42 stand rejected under 35 U.S.C. § 101 
because the claimed invention is alleged to be directed to non-statutory subject matter. 
The Office contends that the interaction of business logic with the pluggable security 
policy enforcement module lacks tangible result and practical application as the business 
logic is a mathematical operation. {Office Action dated 08/24/2006, page 3). Applicant 
has made appropriate modifications and requests the Office to withdraw the above 
rejection. 

Claim Rejections under 35 U.S.C. S 102 

Claims 1, 4-19, 21-27, 29-31, and 35-42 stand rejected under 35 U.S.C. 
§ 102(e) as being anticipated by U.S. Patent No. 6,487,665 to Andrews et al. 
(hereinafter, "Andrews"). Applicant respectfully traverses the rejection. 

Independent claim 1 (emphasis added) recites a system comprising: 
a pluggable security policy enforcement module configured to be 
replaceable in the system and to provide different granularities of control for a 
business logic module in the system, wherein the business logic module processes 
requests submitted to the system, wherein the business logic module contains 
problem-solving logic that produces solutions for a particular problem domain, 
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wherein the pluggable security policy enforcement module is configured to 
determine, for a particular granularity of control, whether to permit an operation, 
requested by a user based at least in part on a permission assigned to the user, and 
wherein the business logic module employs interaction-based definitions in which 
a component which performs the operation is defined by a series of request- 
response interaction definitions that can be satisfied to perform the operation, 

and wherein the different granularities of control comprise a plurality of 
sets of rules that can be replaced with each other without altering the business 
logic. 

Meanwhile, Andrews is concerned with providing a security framework 
that allows for intra-process access checks on calls to objects. {Andrews, Col 2, 
lines 54-57). Specifically, when an object issues a method call to another object to 
access the functionality of the latter object, a wrapper is interposed between the 
objects through which the call passes. {Andrews, Col 7, lines 52-57). The wrapper 
can invoke various security function calls to the operating system and can access a 
catalog to enforce security settings therein before relaying the call to the latter 
object. {Andrews, Col 7, 65-62). The figure showing this is provided below. 
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The Office states that the claim element, namely 'the business logic module 
employs interaction-based definitions in which a component which performs the 
operation is defined by a series of request-response interaction definitions that 
can be satisfied to perform the operation', is disclosed by Andrews. Specifically, 
the Office states the following. First, Andrews discloses in detail a business logic 
operation wherein a client object 206 attempts to access the functionality of the 
server object. {Office Action dated 08/24/06, page 2). Second, the wrapper 
disclosed in Andrews contains a series of security interaction definitions of the 
object. {Office Action dated 08/24/06, page 2). Finally, the Office concludes that 
once all the security interactions are completed, the operations are carried out and 
completed, which discloses the amended claims. {Office Action dated 08/24/06, 
page 2-3). The Applicant respectfully disagrees. 

As discussed above, Andrews provides a security framework where one 
object accessing the functionality of another object directs its call through a 
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wrapper. The wrapper performs the function of determining whether the former 
object has permission to access the functionality of the latter object. However, 
within the wrapper, the security interactions employed to determine the veracity of 
the call do not affect the definitions of either of the objects. Thus, Andrews does 
not disclose the above element, namely "the business logic module employs 
interaction-based definitions in which a component which performs the operation 
is defined by a series of request-response interaction definitions that can be 
satisfied to perform the operation" as recited in claim 1. Accordingly, the above 
specified claim rejections are rendered moot. Applicant respectfully requests 
allowance of the pending claims. 

Conclusion 

Claims 1, 4-19, 21-27, 29-31, and 35-42 are in condition of allowance. 
Applicant respectfully requests reconsideration and prompt allowance of the 
subject application. If any issue remains unresolved that would prevent allowance 
of this case, the Examiner is requested to contact the undersigned attorney to 
resolve the issue . 

Respectfully Submitted, 
Date: 00*- to, ZOX By: 

Lewis C. Lee 
Lee & Hayes, pile 
Reg. No. 34,656 
324-9256 ext. 211 
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